Virus and Spam

Spam Email

The purpose of this bulletin is to give a brief overview of the problem of “spam”. Spam is email that you may receive from a completely unknown source, almost always unwanted, and very often potentially dangerous. It is important to be aware of the dangers of spam, because it is often used by individuals with criminal intent to perpetrate identity fraud.

Spammers’ Objectives

Most spammers are legitimate, albeit obnoxious, business people who are merely trying to make a profit selling goods and services. However, there is also a significant sector of the spammer world that is composed of criminal elements. Organized criminal elements from various parts of the world are often involved in the spam business. For this reason, it is important to understand that spam can be very dangerous.

Spammers’ Methods – Mailing List Builders and Sellers

Legitimate businesses exist worldwide which compile and sell mailing lists of email addresses. Email mailing lists are very valuable because for the cost of a few pennies, it is possible to email potential customers or victims numbering in the millions located in all 200+ countries worldwide—something which would cost millions of dollars to implement using conventional “snail” mail.

Emailing list companies harvest email addresses legitimately, illegitimately, and also “methodically”. For example, emailing list companies will take a known email address and run a computer program to generate “educated guesses” about email addresses within the home institution from which the email address originated.

The method works like this:

If the email address for John Smith at Wilson College or the SuperBizzie.com company is known to be:

jsmith@wilson.edu john.smith@superbizzie.com

The email list company will send out a blastogram that would span a range of addresses such as:

asmith@wilson.edu     ann.smith@superbizzie.com

bsmith@wilson.edu     anne.smith@superbizzie.com

csmith@wilson.edu     annette.smith@superbizzie.com

… etc …               … etc …

zsmith@wilson.edu     zoe.smith@superbizzie.com

Addresses that generate “unknown address” messages are simply crossed off their list. Those that don’t are added automatically to their list.

PLEASE NOTE - For safety and security reasons, the Wilson College email server DOES NOT respond AT ALL to messages sent to invalid addresses. These messages are just deleted. More and more administrators are adopting this policy to block these types of attacks.
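From the mail administrator's side, the address-guessing run described above leaves a recognizable trace: one source sending to many non-existent mailboxes that all share a surname. The following sketch is an added example, not Wilson College's or any vendor's code; the mailbox set, IP addresses, thresholds and function names are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample data (not real logs): mailboxes that exist, and
# (source IP, recipient) pairs as a mail server would see them arrive.
VALID = {"jsmith@wilson.edu", "mjones@wilson.edu", "helpdesk@wilson.edu"}
ATTEMPTS = [("203.0.113.7", f"{c}smith@wilson.edu")
            for c in "abcdefghijklmnopqrstuvwxyz"]
ATTEMPTS += [("198.51.100.20", "jsmith@wilson.edu"),
             ("198.51.100.20", "mjones@wilson.edu"),
             ("198.51.100.20", "mjonse@wilson.edu")]  # one honest typo

def stem(address):
    """Surname part of a guess: 'asmith' -> 'smith', 'ann.smith' -> 'smith'."""
    local = address.split("@", 1)[0]
    return local.rsplit(".", 1)[1] if "." in local else local[1:]

def harvest_suspects(attempts, valid, min_unknown=10, min_ratio=0.8):
    """Flag sources that mostly hit unknown mailboxes, with the shared stem."""
    total = Counter()
    unknown = defaultdict(set)
    for src, rcpt in attempts:
        rcpt = rcpt.strip().lower()
        total[src] += 1
        if rcpt not in valid:
            unknown[src].add(rcpt)
    suspects = {}
    for src, misses in unknown.items():
        # A single typo is normal; many distinct misses from one source is not.
        if len(misses) < min_unknown or len(misses) / total[src] < min_ratio:
            continue
        top_stem, hits = Counter(stem(a) for a in misses).most_common(1)[0]
        suspects[src] = {"unknown": len(misses), "total": total[src],
                         "stem": top_stem, "stem_hits": hits}
    return suspects

if __name__ == "__main__":
    for src, info in harvest_suspects(ATTEMPTS, VALID).items():
        print(src, info)
```

Only the source that walked the alphabet is flagged; the sender with one mistyped address stays below both thresholds.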

As you can imagine, if it is your business to generate emails, and you have the technical means, it is not hard to generate emailing lists with literally millions of email addresses.

Email mailing list vendors also routinely troll websites to harvest email addresses. So, for example, we must take for granted that any email address posted on the Wilson College website will inevitably end up on emailing vendors’ lists. Then, those vendors will generate “educated guesses”, as described above, to add names to their lists.

Legitimate vendors are genuinely respectful of those wishing to be crossed off of their lists. However, the illegitimate vendors merely use “unsubscribe” messages to confirm vulnerable victims! Therefore, if you receive spam from an unknown source, it is best NOT to follow the “unsubscribe” process offered by the spammer. More about this later.

Such spammer emailing lists can be bought on the open market. Their price will depend on their size, quality, and reputability.

Spam Filters – How They Work, How They Fail

In a good year, spam can cost US businesses millions of dollars. Spam clogs up circuits and storage space, both of which cost money to make available for legitimate usage. Furthermore, spam is often also the “infectious pathogen” for criminal schemes and computer viruses. Businesses keep their cases of victimization confidential, because it does not make them look good. However, it should be noted that some spam-propagated viruses in the past few years have brought the Fortune 500’s email systems to their knees for periods of up to 48 hours.

Spam filtering companies work on principles similar to those used by email address list builders. Filtering companies harvest spam and build databases that identify: (1) senders (originating email addresses) (2) subject lines, and (3) message content. This database data is then constantly fed to the customers of the spam filtering companies. Spam filtering software scans incoming email messages for patterns matching the spam filtering database records, and eliminates those that match the identified patterns.

Spammers try to get around filtering software by varying the “patterns” of their spam. Spammers will constantly change their “sender” email address, using legitimate and illegitimate methods. Then, they will inject characters, digits, and text randomly into the subject lines and message text fields to degrade the identifiable patterns used by spam filtering software. This explains why much spam today contains seemingly bizarre or nonsensical characters or strings of text (often classical poetry) that seems completely unrelated to the purpose of the message.
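The effect of injected characters on pattern matching can be seen by comparing an exact signature with a normalized word match. This is an added illustration, not the method of any filtering product named on this page; the sample messages, the 0.8 threshold and all function names are assumptions constructed for the example.

```python
import hashlib
import re

# Constructed sample messages (not real mail).
KNOWN = "Discount watches shipped overnight order today"
VARIANT = ("Disc0ount wat-ches xq7 shipped overn1ight order to.day "
           "shall I compare thee to a summer's day")
HAM = "Faculty meeting moved to Thursday, agenda to follow today"

def exact_signature(text):
    """Hash of the raw message: matches only byte-identical spam."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()

def words(text):
    """Lowercase tokens with digits and punctuation stripped from each token."""
    cleaned = (re.sub(r"[^a-z]", "", tok) for tok in text.lower().split())
    return {w for w in cleaned if len(w) >= 3}  # drop short junk tokens

def containment(known_spam, message):
    """Fraction of the known spam's words that also appear in the message."""
    sig = words(known_spam)
    return len(sig & words(message)) / len(sig) if sig else 0.0

def matches_known_spam(message, known_spam, threshold=0.8):
    """Exact hit, or enough of the known wording survives normalization."""
    if exact_signature(message) == exact_signature(known_spam):
        return True
    return containment(known_spam, message) >= threshold

if __name__ == "__main__":
    for label, msg in (("variant", VARIANT), ("ham", HAM)):
        print(label, round(containment(KNOWN, msg), 2),
              matches_known_spam(msg, KNOWN))
```

Containment is measured against the known spam rather than the whole message, so appended poetry does not dilute the score. Random letters inserted inside words would still defeat this normalization.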

Worldwide Spam Problem

A December 6, 2006 article in the New York Times noted that in 2003, Bill Gates had predicted that the spam problem would be solved by 2006. Spam received by businesses was significantly reduced in early 2006. However, in the second half of 2006 there was a resurgence of spam received by businesses even greater than before. Currently, the spam problem is seen as having reached crisis proportions, because spammers’ techniques for evading spam filtering technologies are in the ascendancy.

The most successful current technique that spammers are using is to transfer their messages to picture formats (jpg or gif files) and embed them in emails containing random and meaningless text. This type of spam is known as image spam. Spam filtering companies are working on new ways to filter this type of spam, but have not yet developed a way to filter out image spam.

Spam-filterers (the Good Guys) are constantly chasing a moving target. Right now, the bad guys are winning. We’ll keep you posted.

You can view a recent chart of the global spam epidemic published by Commtouch Software by clicking here.

Bulletin Date: 10 April 2007

Preventing Spam

If the volume of your spam is not too excessive, it is helpful if you forward spam you receive to spam@wilson.edu. This is the address that Wilson College uses to register spam so that it can be added to our filtering software.

There is not much more you or Wilson College’s IT Team can do about spam. There is currently a worldwide epidemic of spam which is affecting every business and institution as badly as Wilson College. According to one spam filtering company, nine out of ten messages currently sent across the internet are spam. This is confirmed by our experience at Wilson College.

Real Life Wilson Example:

Between 8:30AM on 08 Jan 2007 and 8:45AM on 9 Jan 2007 (Just over 24 hours), Wilson College received 49,592 emails.

Of those, 39,666 (79%) were immediately deleted by our SPAM and anti-virus filters.

Of the 39,666 that were deleted, 57 contained viruses and 39,609 were detected as SPAM.

Since we know that a lot of SPAM still got through, we can assume that the actual volume of SPAM received was very possibly close to 90% of total email received.

Veteran users will receive more spam than new users. It is just a matter of time before spammers acquire your email address.

It is very possible that the spam epidemic will get worse before it gets better. The IT Team is monitoring industry reports so that we can react optimally to changing conditions.

Revised: 10 April 2007

Spam Filters

Virus and SPAM scanning is handled at Wilson College by a product known as Sybari. The company has recently been purchased by Microsoft, so this should increase its effectiveness.

Unlike some solutions that deliver all messages to your mailboxes and THEN try to filter viruses and SPAM, Sybari filters them BEFORE they get to you. Messages detected by our system are deleted outright, rather than merely being tagged as SPAM or delivered to a SPAM folder which you would need to empty.

We went with this particular company due to their extremely high Virus (Zero since installation in 2000 following an outbreak of the Melissa virus) and SPAM (>95%) detection rates as well as their low “false positive” rates (<1 in 10,000). The SPAM detection rate has dropped recently due to the worldwide proliferation of “Image SPAM”.

The Virus scanner scans each message with scanners from multiple vendors for greater security (if one vendor misses it, another will catch it).